Re: [opensuse] 12.1 LDAP nscd Samba problems

Am Mittwoch 23 November 2011, 18:14:44 schrieb lynn:
On 23/11/11 17:44, Ralf Haferkamp wrote:
[..]

Hm, this sound like a missing
bind_policy soft

in /etc/ldap.conf. Can you check that? If that is missing and you
setup LDAP client using YaST, please open a Bugreport.

Yes I have:
bind_policy soft
in /etc/ldap.conf
Good.

But to make tls work I had to change /etc/openldap/ldap.conf:

TLS_REQCERT hard
TLS_CACERT /etc/openldap/cacert.pem

Does that make any difference?
Hm, normally YaST adds those line. I have no idea why it didn't work in
your case.

bugzilla as to why, here:
https://bugzilla.novell.com/show_bug.cgi?id=730046
[..]

Is there any reason you are using nss_ldap instead of sssd, btw?
[..]
No reason. I've done this as a newbie because I had to make a single
sign on setup for our LAN when win 7 boxes were connected. Otherwise it
would have cost us a small fortune for the local computer consultancy
to do it for us. I've done most of this via Yast. I made the
certificates for tls support by hand because the 12.1 Yast CA
management module is broken:

https://bugzilla.novell.com/show_bug.cgi?id=730889

Other than this I have no idea what the difference is between nss_ldap
and sssd. You seem to suggest that sssd is better.
It's better insofar that it is acutally maintained. nss_ldap didn't get a
lot attention upstream lately. Additionally it adds some nice feature
like offline caching and integrated kerberos support. It also addresses
some linker issue we had with nss_ldap which caused problems with
thunderbird and openoffice in the past. (Especially if nscd was
disabled.)

If so, is it easy to change?
It's possible through YaST ldap-client. Should work by just clicking the
"Use sssd" checkbox. If you didn't have nss_ldap installed before
starting the YaST ldap-client module sssd should actually be the default
selection.

Ralf

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

Relevant Pages

  • Re: SuSe License Agreement?
    ... >> In 9.0, there was a couple of things missing, including Yast. ... >> if that still holds with 9.1, as Yast has now been released to GPL. ... > download. ... The manuals are included in pdf, or html form, as part of the ...
    (alt.os.linux.suse)
  • Re: [opensuse] /dev/md0 does not start up at system boot (opensuse 11.2 x86_64)
    ... I don't know what modules may be missing in initrd, but I created my RAID1 array in Yast and It works without a flaw; ...
    (SuSE)
  • Re: problem starting linux (kde)
    ... I have installed the missing parts of XFree86 ... with Yast and now I can get into Linux normally again with a window. ...
    (alt.os.linux.suse)
  • Re: [SLE] export DISPLAY and xhost +
    ... > Since you seam to be missing an small piece of the ... > SuSe has forseen your need and prepared thier ... that it takes almost a minute for yast to start up, ...
    (SuSE)